• Assume overall responsibility for information security infrastructure including developing strategic plans and identifying key success factors
• Sets priorities and allocates the resources to achieve department and corporate goals
• Establish and maintain a set of procedures for identifying, prioritizing, implementing, and reporting patches that resolve security exposures to the network and computing devices across the enterprise
• Conduct a security assessment of modifications to the Company's network and computing architecture before they are placed in production
• Conduct periodic reviews of the IT network devices' configuration to determine version currency and identify and mitigate the potential weaknesses to prevent unauthorized access or disrupt the Company's network and computing services
• Work with Internal Audit, Executive Management and other departments to establish audits and reporting
• Participate in testing and evaluation of IT internal controls
• Conduct annual information security audits of the company's vendors
• Establish information security policies within the Information Technology group with appropriate compliance monitoring and enforcement
• Establish and ensure compliance with incident prevention and response
• Manage and ensure PCI and SOX compliance
• Keep up on industry best practices

Skills: Security Strategy, Patch Management, Risk Assessment, Configuration Review, Audit Coordination, Policy Enforcement, Incident Response, Compliance Management

• Designs and oversees the logical and physical Security Management infrastructure, not inclusive of physical facilities, including numerous ports of entry, colocation and commercial cloud service provider-based solutions, and thousands of IoT devices
• Develops and maintains documented IT Security Policies, Processes and Standards
• Collaborate with CBP staff to address program-related security requirements to obtain Interim Authorization to Operate (IATO), Authorization to Operate (ATO) and Ongoing Authorization (OA)
• Ensures IT Security functions are carried out in compliance with corporate and Government security guidelines and objectives
• Provides guidance and assistance to new IT initiatives and projects to ensure appropriate levels of security are included with new compute and storage solutions
• Ensures IT Security functions are carried out in compliance with legal and statutory obligations
• Designs and oversees the development of the Security Management infrastructure
• Liaisons with clients on security requirements and Incident Response
• Reviews OLAs, SLAs to ensure compliance with Security Management goals and objectives
• Serve as the Program’s primary interface with the CBP CISO and organization
• Provide expertise on Risk Management Framework (RMF), NIST SP800, 4300-A controls support, change governance, accreditation, authorization, FISMA compliance, FedRAMP, security assessment plans

Skills: Security Infrastructure, Policy Development, Compliance Oversight, Risk Management, Cloud Security, Authorization Support, Incident Response, Client Liaison

• Oversee 24/7 security operations, vulnerability and threat management programs
• Direct all scanning and remediation activities
• Develop and maintain security incident response procedures and lead incident response investigations
• Provide vision for and manage security tools and cloud security controls
• Manage detection and response, intrusion detection/prevention, firewall, web application firewall, data loss prevention, information protection, email security and phishing
• Define and maintain security architecture standards and procedures
• Collaborate with Information Technology Solution Architects and participate in the Architectural Review Board
• Perform security architecture reviews for new and existing vendors, tools and processes

Skills: Security Operations, Threat Management, Incident Response, Cloud Security, Firewall Management, Data Protection, Security Architecture, Vendor Assessment

• Develop security capabilities for cloud, website, data analytics and application security control architecture
• Drive governance of identity and access management principles
• Implement and maintain MFA, PAM, conditional access, least privilege access, SSO/SAML integrations and directory service health Identity Management
• Collaborate and communicate effectively at all levels and make recommendations to Senior Information Technology and business leaders
• Develop strong partnerships across the organization
• Champion IT-related initiatives and best practices throughout the business, promoting the advantages and benefits of IT security controls
• Coordinate Information Security portfolio and change management activities, recognize control gaps and apply lessons learned
• Stay up-to-date on information security trends and standards

Skills: Cloud Security, Identity Governance, Access Control, SSO Integration, Stakeholder Communication, Cross-Functional Collaboration, Change Management, Security Trends

• Develop, implement, and monitor strategic and tactical plans, comprehensive enterprise information, and the security and risk management program 
• Ensure the confidentiality, integrity, and availability of information owned, controlled, or processed by the company
• Develop, maintain and publish up-to-date security policies, standards and guidelines
• Oversee training and dissemination of security policies and practices in the APi security management framework
• Lead the day-to-day operations of the Information Security team including training, staff development, and third-party usage
• Mentor and coach IT professionals
• Manage security, regulatory and compliance requirements
• Manage periodic security assessments, vulnerability assessments, and business continuity tests in accordance with best industry practices
• Develop metrics and reporting for measuring and improving the effectiveness of the overall information security plan
• Drive continuous improvement, improving service levels and reducing the overall risk exposure for the organization

Skills: Risk Management, Security Policies, Staff Training, Team Leadership, Compliance Oversight, Vulnerability Assessment, Security Metrics, Continuous Improvement

• Assess risk and continuously perform gap analysis on the security controls and strategy
• Propose changes to decrease risk while improving the protection of APi Group Inc. customer data
• Manage security incidents and events to protect corporate IT assets
• Act as the primary corporate control point during follow-up on significant information security incidents
• Advise the leadership team on risk issues that are related to information security and recommend actions in support of the company's wider risk management programs
• Provide strategic risk guidance and advocacy for infrastructure investments and IT projects including project prioritization, and the evaluation and recommendation of technical controls
• Oversee the coordination of IT Business Continuity and Disaster Recovery planning to ensure IT systems can respond to a disaster so that critical business functions can be resumed within a defined time frame and data loss is minimized
• Actively embrace the IT framework
• Engage in, contribute to, and promote "Communities of Excellence"
• Partner with IT Directors to demonstrate a “standard of excellence” in the APi employee and IT employee roles
• Build relationships, provide work coordination, and act as an IT liaison with other APi Companies, departments, and strategic partners

Skills: Risk Assessment, Gap Analysis, Incident Management, Risk Advisory, Strategic Guidance, Disaster Recovery, IT Collaboration, Relationship Building

• Manage maintenance and optimization of internal IT infrastructure, corporate policies and procedures
• Maintain, continuously revise and improve the existing Information Security Management System (ISMS) and Personal Data Protection Policies
• Establish and maintain secure storage of the ISMS documents and sensitive information
• Ensure all company operations are consistent in all locations and adhere to the requirements of the ISMS documents
• Manage ISO certification schedule and represent the company during regular external audits
• Monitor and react to the changes in European and American regulations concerning the remote IT consulting business (GDPR, NIS, etc.)
• Actively collaborate with the Legal Department, CTO and Marketing and Management
• Execute IT security and ISO compliance training to employees
• Threat detection, network behavior management, firewall blacklist, IDS and self-developed abnormal traffic analysis service
• Incident response, intranet server log and security collection
• Manage business continuity and disaster recovery plans
• Implement and manage onboarding/offboarding security processes
• Security incident and event management (SIEM)
• Define proper policy and processes for all parts of the InfoSec posture

Skills: IT Infrastructure, ISMS Management, Data Protection, ISO Compliance, Threat Detection, Incident Response, SIEM Oversight, Policy Development

• Support BISO in Business IT Security, with the support of the local IT Team, IT Security Teams and Group IT Security
• Support BISO in the maintenance of the Local Business Unit IT Security Program, to perform continuous improvement on the Business Unit security posture
• Drive local Business Unit IT Security Initiatives and Projects definition and implementation, selection of solutions and architecture, as well as define operations framework and its continuous improvement
• Coordinate Group IT Security Initiatives in the country
• Support the preparation of IT Security Metrics and Risk Mapping, along with the resolution of deficiencies identified on those Metrics
• Drive awareness and support to Group IT Security, Group IT and the Business Unit IT, to understand the IT Security Solutions and Processes, as well as their implications across the organization
• Work closely with the Business Unit Head of IT Security (BISO), Head of IT and Group CISO, through the tracking and reporting function, to ensure regular updates to management on the IT Security Program and risks
• Refines, implements and maintains the IT Security Management policy/framework
• Support projects and inquiries from other functions/stakeholders and provide risk consultancy
• Respond to security incidents and report to the appropriate stakeholders
• Coordinates security-related campaigns, programs and projects in cooperation with other IT departments with a strong focus on maintaining implemented services long-term (e.g., SOC, ITSM, IT risk management, awareness, business continuity)
• Report and communicate on technical issues in business/risk/impact terms
• Helps set up, refine and implement a IT-/Cyber-Security Strategy
• Gives guidance to other IT security community members across LafargeHolcim (e.g., regional or country-based teams)

Skills: Business IT Security, Risk Mapping, Security Projects, Awareness Training, Incident Response, Policy Implementation, Metrics Reporting, Cyber Strategy

• Manage the IT and information security department’s team and personnel
• Creating and maintaining information security policies and procedures
• Selecting and implementing new security initiatives to support the policies and procedures
• Creating and administering security training programs
• Gather information and complete the security reviews periodically
• Design and implement the security infrastructure and program
• Manage the IT needs of employees and the IT inventory of assets and tools
• Assess the information security situation analytically and respond to the incident promptly
• Assess security plans for existing vulnerabilities, prioritize security strategies to best cover sensitive and strategically important information
• Monitor and analyze reports generated by threat monitoring systems
• Support the IT team and provide hands-on experience 

Skills: Team Management, Policy Creation, Security Initiatives, Training Programs, Security Reviews, Infrastructure Design, Incident Response, Threat Monitoring

• Responds to information security alerts, security breaches, and infections, including investigation, countermeasures, and recovery
• Work with IE vendors 
• Implements a solution to track, process and report security alerts
• Architect, research and design a security framework that will proactively and reactively identify and respond to security threats
• Produces security investigations, countermeasures, policy breaches incident reports
• Performs problem management on security incidents to identify risk areas and produce plans for closure
• Regularly audit the environment for compliance and security
• Documents and updates SOP documents in all aspects of the IT environment related to security
• Network design, server hardening, firewall protection, data protection, IAM
• Ensure practices align with HIPAA/HiTech and GDPR
• Reviews solutions to ensure that they meet IE policies and best practices
• Participate in diagnosis and root cause analysis of IT incidents
• Leads IT projects including developing project plans, product selection, and risk assessments
• Works with infrastructure teams, application teams, service providers and end-users to ensure solid solutions to maintain secure and highly available systems

Skills: Security Response, Vendor Management, Threat Tracking, Security Framework, Incident Reporting, Compliance Auditing, Network Design, Risk Assessment

• Enhance and oversee all aspects of the HungerRush General Controls to ensure continued compliance with regulatory and industry mandates
• Establish processes to support the controls and ensure that control self-assessments are conducted promptly, ensuring completeness and accuracy
• Work closely with Technology, Product and Engineering teams to develop appropriate remediation action plans for identified control weaknesses
• Identify and validate key controls to address IT and business risks and work with various teams to address identified deficiencies and help identify compensating controls
• Review and oversee compliance-related procedures, documentation, sign-off, etc, on the HungerRush System’s Incident and Change Management processes
• Develop tools and processes to capture, track and deliver compliance evidence and artifacts
• Direct, manage, and monitor the effort to ensure compliance with the PCI Data Security Standard (PCI-DSS), ISO 27000, GDPR, and HIPAA\HITRUST
• Lead audits of third parties such as vendors, service providers, consulting organizations, etc.
• Educates and mentors technical teams on IT General Controls and compliance initiatives
• Facilitate embedding compliant practices into the way HungerRush operates
• Ensure that appropriate documentation in the form of policies, standards and procedures is created and managed to support the various security, compliance and audit requirements
• Provide guidance and support to IT and business to ensure continued compliance with the various mandates
• Endorse and support a compliance culture whereby employees are encouraged to seek clarifications and support for the company's compliance initiatives
• Build relationships with technology and business teams across the company
• Interact routinely with assessors, auditors, service providers, consultants/advisers, processing partners and professional organizations
• Define and coordinate external and internal PEN testing standards

Skills: General Controls, Compliance Oversight, Risk Remediation, Control Validation, Change Management, Evidence Tracking, Regulatory Audits, Compliance Training

• Build and maintain a diverse and high-performing team through actively recruiting, hiring, training, coaching, developing, and rewarding team members
• Participate in the CISO-level Security Leadership Team, to represent Cloud Security and Security Platforms' performance and interests
• Collaborate with peers and other Security leaders to achieve goals
• Participate in the Security Ops and Engineering Leadership Team to ensure reliable service delivery and efficient use of all resources
• Develop and manage Goals and Development Items for each team member, monitoring progress, and supporting successful completion
• Coach and lead employees and on/off-site contractors/consultants with respect to strategic direction for approved Security, Technology, and Business technology initiatives
• Continuously assess and align core and extended team member skills with strategic Security and Technology direction
• Develop and maintain critical 3rd-party partnerships to flex Security Operations capacity and skill to meet resource demand
• Inform and collaborate with the Security Leadership team regarding resource forecasting, skillset gaps, and other opportunities, to consistently anticipate demand, while meeting SLAs
• Provide stewardship of people, process, and technology aspects of all Security platforms and Cloud-delivered Security services
• Ensure that all Service Offerings are available and operating reliably
• Ensure that all Service Offerings are aligned with the intent of Security Leadership and any published policies and/or standards, including the development and/or maintenance of supporting processes used by the Cloud Security and Security Platforms teams

Skills: Team Leadership, Talent Development, Cloud Security, Strategic Alignment, Service Reliability, Resource Forecasting, Partner Management, Performance Monitoring

• Establish and maintain good working relationships with all IT, Security, third-party, service consumer, and business stakeholders
• Ensure that appropriate maintenance, monitoring, automation, and response procedures are in place to meet Security and availability objectives
• Ensure that employees and third-party resources conduct operations in a quality manner, in accordance with ITIL and other documented processes
• Understand customer objectives and develop support strategies that map to Service Offerings
• Actively monitor new and emerging technologies, trends, issues, and solutions and assess their applicability to Security capabilities
• Contribute requirements to the technology selection process
• Advocate for new/enhanced Security Service Offerings on behalf of Security Ops and Engineering and its customers
• Partner with Security Architecture to contribute to blueprints and roadmaps that ensure that technology meets all business requirements and anticipates future needs, in a cost-effective manner
• Partner with Security Delivery to ensure that all new Security technology deployments include appropriate support and run-book documentation and that Security Ops and Engineering team members are fully trained 
• Take responsibility for monitoring, ongoing support, routine engineering, and operation of new security technologies
• Partner with the Security GRC team to monitor and enforce compliance with the organization's security policies and standards among employees, contractors, and third parties responsible for Platform and Cloud Security services

Skills: Stakeholder Collaboration, Security Monitoring, Process Automation, Incident Reporting, Technology Assessment, Change Management, Policy Compliance, Cloud Integration

• Guide to, and work alongside BrandSafway IT Leadership team
• Develop a Global IT Security Strategy that is based on industry standards (e.g., NIST, ISO, PCI, SOX, etc.) and delivers increased value from the IT function to the overall business
• Oversee the IT department's compliance with applicable laws and regulations 
• Working closely and collaboratively with both internal and external functions to ensure compliance with privacy regulations, rules, and security requirements
• Maintain, monitor, and work to continuously improve, based on testing, the information security awareness training program provided to all BrandSafway computer end users, including contractors and external consultants
• Collaborate with leadership to establish risk priorities, initiate projects, develop and maintain security programs and metrics
• Monitor, oversee and report on compliance with security controls and policies
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements
• Assess and implement new security technologies and work with outside vendors, consultants and managed services companies

Skills: Security Strategy, Regulatory Compliance, Risk Prioritization, Awareness Training, Policy Monitoring, Audit Readiness, Vendor Management, Metrics Development

• Participate in the technology risk governance process
• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation
• Develop a strong working relationship with the IT operations team
• Develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
• Coordinate and participate in onsite and offsite third-party security assessments to ensure compliance with security policies and standards
• Participate in the operational components of incident management, including detection, response and reporting
• Oversee information security audits, whether performed by the organization or third-party personnel
• Manage security team members and all other information security personnel
• Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvements

Skills: Risk Assessment, Control Framework, Compliance Oversight, Incident Management, Audit Coordination, Team Leadership, Security Architecture, Stakeholder Engagement

• Bring the audit strategic vision to IT to develop a control and audit group approach
• Develop, improve Support Security Risk Analysis processes and techniques for all the IT teams' domains
• Coordinate activities between functions to manage to achieve mutually beneficial agreements ( win-win )
• Promote CBUs' Security best practices and expertise within the Group through formal discussion with the Corporate Security Team
• Lead team of up to 4 people
• Report and coach the IT Security Officer and CTO regarding IT Security
• Build and improve an IT Security Strategy and Roadmap within the IT Security Office
• Support the IT Department, DevOps and Engineering regarding IT Security
• Identify IT Security gaps and evaluate improvements
• Define and implement guidelines for a secure, highly available, and scalable Product environment and cloud (SaaS) solutions

Skills: Audit Strategy, Risk Analysis, Cross-Functional Coordination, Security Promotion, Team Leadership, Strategy Roadmap, Security Coaching, Cloud Security

• Research the latest information technology security trends
• Monitor the organization’s networks and infrastructure for security vulnerabilities and lead the mitigation plans
• Help to design, implement, and maintain the organization’s cybersecurity plan
• Direct implementation of security controls according to standards and best practices for the organization
• Direct the installation and use of security tools to protect sensitive information
• Recommend security enhancements to IT Management
• Ensure that IT security audits are conducted periodically 
• Manage information security risks by routine assessments and developing a vulnerability and patch management plan and implementing the required controls
• Produce scheduled reports of the status of IT’s compliance with DoubleVerify’s information security program, contractual requirements and globally-recognized standards and guidelines
• Lead all information security implementation projects and provide hands-on support
• Work with the incident response team to contain and investigate security events, and prevent future information security breaches with detailed root cause analysis
• Develop and maintain technology, operations roadmaps for security infrastructure components, including intrusion prevention/detection, data security
• Identity and access management, IT/network security, security information and event management, vulnerability management, code review, etc.

Skills: Security Trends, Vulnerability Management, Cybersecurity Planning, Security Controls, Risk Assessment, Incident Response, Compliance Reporting, Identity Management

• Making sure that computers and accounts for new starters are ready for their first day
• Identifying when a computer problem requires hardware repair or replacement, and handling the repair process end-to-end with the manufacturer or service provider
• Engaging with computer and peripheral suppliers to get quotes, create purchase orders, place orders, and take them in
• Making sure that offboarded employees' devices are returned properly and access to company systems has been revoked
• Install and configure software and computer systems
• Troubleshoot and resolve issues with software or hardware
• Maintain documentation that provides technical support to the entire organization
• Analyze records and logs to spot underlying trends and potential issues
• Support the implementation of new solutions or applications
• Conduct Security training for new and existing employees
• Lead the IT and Security Operations team, which currently consists of 1 person

Skills: Device Provisioning, Hardware Support, Vendor Management, Offboarding Security, Software Installation, Issue Troubleshooting, Log Analysis, Security Training

• Manages two teams of security operations (SecOps) and project delivery
• Leads security incident responses as Security Incident Response Manager (SIRM) for NCA to quickly identify, contain, respond, monitor and report the incident
• Leads in security technology evaluation to identify suitable products for NCA that can integrate and operate effectively
• People development and management of 2 teams of security professionals
• Leads security risk assessment and management to manage NCA security risks
• Leads security operations during internal and external audits and penetration tests
• Provides management reporting and updates on security operations performance and potential risks
• Handle risk acceptance and deviations from IT Security Policy
• Generate and follow up on baseline scan and hardening compliance checks
• Manage and track security advisories from GITSIR, TAB and Principals
• Review NIPS events and assist in implementing new signatures
• Handle security alerts from CWC, GICS, and security devices
• Handle change requests (including code scan results)
• Handle reporting (Service Management, PWC, Ops Meeting, Weekly Security Update)

Skills: Security Operations, Incident Response, Technology Evaluation, Team Leadership, Risk Management, Audit Support, Policy Compliance, Advisory Tracking

• Establish, maintain, monitor and improve the Information Security Management System (ISMS) to follow Information Security Standards such as ISO 27000, GDPR, etc.
• Monitor security policies, programs or procedures to ensure compliance with internal security policies, licensing requirements and applicable government security requirements
• Recognize problems by identifying abnormalities, respond immediately to security incidents, and come up with post-incident analysis and reporting security violations
• Develop best practices and security standards
• Implement security improvements by assessing current situations, evaluating trends and maintaining security controls
• Determine security violations and inefficiencies by conducting periodic security audits to identify potential vulnerabilities related to asset protection, ensure operational security controls are implemented and maintained properly
• Develop and maintain the security mechanism to proactive identify external non-technical threats
• Defense system against unauthorized access, modification and/or destruction from daily internal and external threats by monitoring system health
• Develop and improve business continuity planning and disaster recovery protocols
• Develop and train employees for security awareness with best practices and company regulations/policies

Skills: ISMS Management, Policy Monitoring, Incident Response, Security Standards, Vulnerability Audits, Threat Detection, Disaster Recovery, Security Training

• Experience developing and implementing risk, standards and/or compliance frameworks
• Experience developing and implementing governance models
• Demonstrated knowledge of Australian Government security standards
• Demonstrated knowledge of industry standards for information technology and security
• Able to manage stakeholders that span technical and non-technical individuals/functions
• Experience with engaging with government agencies on compliance, security, risk, and governance issues
• Experience with managing communication on incidents, managing security incidents
• Ability to learn and implement standards, including new standards over time
• Experience in undertaking audits and/or reviews of systems
• Strong understanding of Network and Infrastructure security
• Proven experience in a similar role, management of IT Security systems
• Background in maintenance and development of Information security processes, best practices and procedures
• Knowledge of Security frameworks (e.g., ISO 027001, PCI-DSS, NIST)
• Previous experience managing a Security Team

Qualifications: BA in Management Information Systems with 9 years of Experience

• Ability to use and understand Microsoft Office Applications (Project, Excel, Word, Visio, etc.), email, Internet navigation and presentation software (PowerPoint or other software)
• Strong understanding of casino products (slots and table games), systems and/or similar environments
• Knowledge of Bally’s Gaming Management System (GMS) V15
• Excellent organization, written and client-facing skills
• Experience of the entire project life cycle, able to operate in the initial conceptual design stage
• Broad understanding of security technology
• In-depth understanding of information security policies and risk analysis
• Ability to perform vulnerability identification, assessment and mitigation in heterogeneous environments
• Ability to perform periodic internal audits to ensure compliance with Security policy and guidelines
• Experience in dealing with a wide range of technical and non-technical personnel and issues
• Ability to instruct employees in security awareness and practices
• Ability to relate business requirements and risks to technology implementation for security-related issues
• Strong oral and written communication skills
• Working knowledge of MS Windows and UNIX operating system controls and platforms
• Knowledgeable of network operations, controls and components
• In-depth knowledge of business continuity and disaster recovery concepts, controls and processes
• Must work well under tight deadlines and schedules

Qualifications: BA in Information Systems with 10 years of Experience

• In-depth knowledge of IT standards applicable to IT management (e.g., COBIT, ITSM, or similar reference models)
• Experience in IT Compliance / Governance, Risk Management (ITSM) and IT Security
• Strong written and verbal communication skills with the ability to effectively communicate and present security risk concepts with business and technology partners
• Strong personal leadership, collaboration, bias for action and experience working within fast-paced, complex and high-performing Digital/Agile/Scaled Agile teams
• Strong understanding of IAM controls, including Privileged Access, Identity Management and Authentication, and Request, Approval and Provisioning controls
• Experience in Security and /or Risk Management and/or Corporate Technology with an aptitude in application and platform security
• Working experience designing and implementing cloud services (e.g., IaaS, PaaS, SaaS, etc.) offered from public cloud service providers (e.g., AWS, Microsoft Azure, Google, etc.)
• Working experience in multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
• Experience in multiple modern development practices (e.g, microservices, containers, orchestration, continuous integration and delivery pipelines, API first, service delivery and integration)
• Experience in enterprise Identity and Access Management solutions (e.g, Federated Identity, Privileged Access management, Active Directory, Role Based Access Control)
• Experience working in a matrix management model across globally diverse, virtual teams to deliver strategic initiatives and commitments, ideally leveraging product and Agile principles

Qualifications: BS in Computer Science with 8 years of Experience

• Security certifications, training, and experience with CMMC, NIST, and/or Cybersecurity Framework 
• Strong leadership skills and demonstrated ability to work effectively with business stakeholders, IT management teams, and IT staff
• Able to communicate effectively with IT management, infrastructure teams and software development and test teams
• Experience developing and maintaining policies, procedures, standards and guidelines
• Proficiency in performing vulnerability assessments and managing projects
• Strong understanding of cloud security, operating system internals, and network protocols
• Demonstrated ability to explain standards and frameworks such as OWASP Top Ten, NIST 800-171, CIS Benchmarks, and more to technical and non-technical staff, developers, system/network administrators, and management
• Ability to work flexible schedules to meet job requirements
• Excellent understanding of all information security domains including infrastructure and application security
• Experience in anti-virus, endpoint protection, mail and web filtering tools
• Experience with AWS, Azure and Office 365 Security tools
• Experience of working within an Architecture Framework to transform the IT Services

Qualifications: BS in Cybersecurity with 7 years of Experience

• Experience with enterprise IT security infrastructure solutions and network infrastructure (Identity and Access Management, Key Management)
• Knowledge and understanding of risk-based approaches to IT security
• Good communication skills in English, written and oral
• Basic understanding of cloud and cloud security controls
• Professional experience as e.g., Security Architect, Network Architect, Solution Architect or similar
• Experience with stakeholder management as a link between IT security and the research labs
• Experience with network services such as (Remote desktop, MSCA, AD)
• Practical experience with software systems, e.g., SCCM, McAfee, Carbon Black and Splunk Nexthink, and Citrix
• Experience with IT service management and solution implementation
• Hands-on approach to Windows solution software and firewall protection

Qualifications: BS in Network Engineering with 6 years of Experience

• Must obtain one of the certifications from IAM Level II or IAT Level II
• Experience managing cybersecurity/ISSO support for a large Government agency
• Experience managing personnel and meeting deadlines
• Must have Microsoft Azure Security Engineer Associate certification
• Must have ITIL Intermediate Level Certification
• Experience managing DOS cybersecurity posture and/or ISSO support and security management processes
• Experience managing cybersecurity, security controls and performing audits in off-premise/cloud environments and systems
• Knowledge of network security principles, best practices and industry standards
• Knowledge of security models that maintain and enforce security policies
• Exceptional communication skills both within and outside of the IT Department
• Previous professional experience in IT security
• Proven experience in designing internal and external audits
• Analytical skills as well as conceptual thinking
• Familiarity with agile working methods
• Very good overview of technical developments

Qualifications: BS in Information Security and Risk Management with 9 years of Experience

• Broad and in-depth knowledge of IT security and security systems
• Knowledge and experience with IT security standards (ISO27001/2, NIST, CoBIT, OWASP, PCI, etc.)
• Experience in IT and IT audits
• Knowledge and understanding of system flow charts, data processing concepts and telecommunications principles
• Experience with cloud-based solutions and the IT security around these
• Experience in interpreting the applicability of laws and regulations (including data privacy practices and laws) to company operations
• Must have a vast body of knowledge in information security and risk management
• Must have a technology background, at least substantially in Application Development and Architecture, ideally across Infrastructure and Operations on top
• Strong understanding of Software Development Methodologies, especially Agile and DevSecOps
• Working experience with tools such as Checkmarx, BlackDuck, Burp Suite, and AppScan, and can plan and execute dynamic tests
• Intimately familiar with how to apply Security Development Lifecycle policies in practice
• Good understanding of cloud computing models, how they differ from traditional hosting options and what changes are needed to provide secure services on top of them
• Knowledge of applicable laws and practices relating to information security and privacy, e.g., GDPR, ISO 27001:2017 and ISAE3402

Qualifications: BA in Computer Information Systems with 8 years of Experience

• Advanced knowledge of networking and related security technology such as Intrusion Detection, URL filtering, Web-proxies, DNS, etc.
• Advanced Active Directory technology including global policies, synchronization, federation, SAML, and IAM integration
• Advanced understanding of NIST and HIPAA/HiTech security requirements
• Knowledge of O365 security, including Mobile Security Management
• Knowledge of Security Center Operations and procedures
• Must have great analytical skills
• Customer service attitude support skills
• Experience with static and dynamic code analysis
• Must have strong application security engineering
• Solid knowledge of encryption concepts, data security principles and practices
• Familiarity with GLBA, FFIEC, and PCI
• Effective organizational skills, including attention to detail, a strong sense of accountability and the ability to implement change in a complex environment
• Excellent written and oral communication skills, including the communication of complex technical issues and concepts to non-technical staff in multiple departments
• Critical thinker with demonstrated problem-solving skills
• Experience working with perimeter technologies (e.g., firewalls, proxies, NIDS) and application security tools
• Demonstrated ability to prioritize and successfully manage competing work assignments in a time-sensitive environment

Qualifications: BS in Information and Network Security with 10 years of Experience

• Must have a professional certification (or suitable compensating experience) in the audit (CISA, etc) or security field (CISSP or CISM for instance)
• Familiarity with any of the traditional audit frameworks (COBiT, SOC Type II)
• Strong experience in privacy regulations (PIPEDA, HIPAA, CASL or equivalent)
• Exposure to forensic toolkits with a particular emphasis on IT-related knowledge
• Strong understanding of network design, tiered and secure architectures
• Proven success at traditional and Agile project management software development methodologies, strong time management skills, interpersonal and conflict resolution and management expertise
• Demonstrated leadership and decision-making skills
• Strong ability to influence and discuss complex technology problems in business language
• Must be an excellent and polished communicator who may be called upon to create and present materials to the Executive and the Board of Directors
• Ability to seize opportunities to improve technology processes and footprint while managing multiple demands concurrently

Qualifications: BA in Security Studies with 5 years of Experience

• Working experience in cybersecurity and risks in cloud ecosystems like AWS
• Practical experience in architecture, design, provision and administration of IT security devices and appliances
• Strong technical skills, which may include experience with Linux and Windows operating systems, scripting languages like Python, and cloud ecosystems like AWS
• Knowledge in networking protocols, IT security technologies 
• Strong understanding of financial services regulations and framework related to IT
• Must have certifications in cloud, networking or cybersecurity, e.g., AWS, CISSP, CISM, CISA
• Knowledge of DevOps techniques and Agile practices
• Experience in securities exchange, derivatives trading, cryptocurrencies and blockchain 
• Must have good interpersonal communication skills (written and oral)
• Able to communicate proficiently in English and Mandarin to liaise with both English and Mandarin-speaking counterparts
• Highly analytical and able to work independently
• Good strategic thinking, quantitative analysis, collaboration, problem-solving, judgment, and decision-making skills

Qualifications: BA in Intelligence and Security Studies with 7 years of Experience

• Must have Information Security specific certification (such as CISM, CISSP, CISA)
• Expert understanding of all aspects of information security principles, policy and its application in business and technology areas 
• Understanding of core cloud security principles
• Knowledge of risk assessment methodologies and techniques and controls assurance techniques
• Ability to engage positively with WTW clients and business stakeholders
• Knowledge and experience in supporting information security audits
• Ability to work across multiple lines of business and contexts, and to understand that different teams will require different engagement approaches
• Knowledge of IT infrastructure and DNS
• Knowledge of command line language and security encryption
• Knowledge of other coding languages such as Python and/or Java
• Knowledge of blockchain technologies
• Understanding of SDLC or SSDLC
• Ability to diagnose and troubleshoot basic technical issues
• Experience with the configuration of Wi-Fi networks and/or firewall configuration
• Knowledge/Experience with MAS TRM
• Basic/General Knowledge on VAPT scope, and types of testing
• Must be able and willing to communicate effectively with colleagues and vendors

Qualifications: BA in Applied Information Technology with 10 years of Experience

• Working experience in information security overall management
• Familiar with the strategies, processes and tools of information security management and control
• Good security technology foundation, and familiar with security products and technologies such as security scanning, network attack/ defense and security audit, etc.
• Excellent communication and coordination skills
• Strong execution and effective problem-solving skills
• Good business acumen, with strong teamwork spirit and management skills
• Strong ability to deal with emergencies
• Excellent analytical and problem-solving skills
• Strong attention to detail, demonstrated integrity and professionalism
• Knowledge of and experience working with SOX, NIST CSF, and PCI Frameworks
• Able to identify and Access management program development and management
• Able to identify issues, diplomatically resolve problems, and effectively manage conflict
• Ability to act calmly and competently in high-pressure, high-stress situations

Qualifications: BA in Business Cybersecurity with 6 years of Experience

• Experience managing technical and non-technical groups to drive business outcomes
• Experience with security technologies, including CCTV, Access Control, Incident Management Systems, and Security Operations Centers
• Experience in conducting investigations, including criminal, human resources, and safety incidents
• Experience in data center and security system elements of design
• Experience in working on active construction sites and providing safety/security countermeasures
• Ability to multitask in a fast-paced environment
• Excellent written and verbal communication skills
• Working experience in IT administration, personnel and team management and/or managing departmental functions (vendor negotiations, forecasting and strategic planning)
• Experience with supporting security technologies in an information security role
• Experience in vulnerability and patch management
• Experience with security and networking architecture
• Experience creating and maintaining documentation standards, playbooks and policies
• Understanding of mobility management systems
• Must be able to demonstrate computer proficiency, especially with Microsoft Excel, Word, and PowerPoint and other PC based programs
• Ability to be flexible, adaptable and agile in foreign environments
• Knowledge of how technical and functional roles contribute to and impact bottom-line results

Qualifications: BA in Business Information Technology with 12 years of Experience

• Experience in risk management across any of the three lines of defense
• Proven ability to identify risks, analyze issues and derive meaningful insights about risk trends by conducting interviews and analyzing large volumes of data
• Working knowledge of one or more of the data mining tools/technologies (e.g, Microsoft Excel, Pivot Tables, SQL, SAS, Python, R)
• Experience in risk management across cyber security, information technology, 3rd party, and business continuity management
• Understanding of risk assessment methodologies, frameworks and industry standards (e.g, COSO, COBIT, ISO 27001, FAIR or NIST RMF)
• Knowledge of relevant policies and regulations (e.g, OCC Heightened Standards, FFIEC IT booklets)
• Experience with Governance, Risk and Compliance tools (e.g, Archer)
• Excellent analytical skills with high attention to detail and accuracy
• Excellent critical thinking and problem-solving skills
• Excellent verbal, written and interpersonal communication skills
• Strong understanding of enterprise information security and information risk management
• Excellent analytical skills to correlate reports and indicators to identify risks, weaknesses or gaps, and recommend possible treatments
• Able to lead and influence cross-functional teams to achieve corporate goals
• Good interpersonal skills and a strong team player

Qualifications: BS in Cybersecurity with 7 years of Experience

• Prior experience in an IT security role
• Subject matter expert in areas of hardware and software vulnerability analysis, compliance and cybersecurity best practices
• Professional security accreditation such as CISSP, CISA, CEH and/or equivalent
• Good working knowledge of the security features of Microsoft Office 365, Azure and other cloud platforms
• Hands-on experience with security appliances such as Firewalls, Sophos Central, etc
• Interpret security logs from servers and network equipment
• Experience in project management
• Must be meticulous, detail-oriented and able to adapt to a fast-paced environment
• Adaptable yet driven to explore emerging technologies
• Able to keen awareness of IT security best practices
• Experience in the hotel industry 
• Working experience in managing a cybersecurity / NOC environment
• Working experience in managing cybersecurity services, including firewall, anti-virus, malware, WAF, end-point management, etc.
• Familiar with IT security operations/management processes
• Certification of CISSP, CISM, CEH or CompTIA Security+
• Knowledge of IM8 and ISO27001 standards 

Qualifications: BS in Computer Science with 8 years of Experience

• Senior-level experience in administering enterprise infrastructures in large enterprises
• Experiences both On-premises and cloud-based security technologies, with possible specific cloud-based certifications
• Current or previous Cisco Certified Network Certifications
• Strong customer-focused skills with the ability to recognize customer requirements
• Extreme attention to detail with excellent documentation skills
• Project Management and/or Operational Management experience in an enterprise IT environment
• Must have professional certification (e.g., CISSP, CISM, CEH or equivalent Certification etc) 
• Solid Technical Experience in Information Security Frameworks and Policies
• Solid Experience in IT security management and managing small teams
• Good Spoken and written skills, able to do well in presentations to senior stakeholders
• Working experience in managing and executing projects based on endpoint security, data loss prevention and vulnerability management domains

Qualifications: BS in Network Engineering with 6 years of Experience

• Working experience in Information security program management and compliance
• Deep understanding of industry-accepted standards and frameworks (ISO 2700x, NIST, PCI)
• Strong multi-tasking skills with the ability to handle multiple priorities
• Proficiency with MS Office applications including Project and Visio
• Exceptional organizational skills
• Ability to work independently
• Information Security work experience in Information Security Consultancy and IT Risk Management
• Possess security-related certifications such as CISSP, CISM or CISA, with strong information security knowledge of IT legislations such as PDPA, MAS TRM and PCI, industry Information Security best practices/principles
• Highly disciplined and diligent in driving deliverables strictly within defined timelines
• Strong communication/presentation/writing skills with proficiency in writing and speaking English and Mandarin to liaise with Chinese counterparts
• Disciplined in being guided by a set of formalized security policies, standards, procedures and frameworks
• Logical and methodological, with good planning and organizational skills
• Able to work independently and as a strong team player with good interpersonal skills
• Experience in working in companies in a bigger setup with various lines of business

Qualifications: BS in Computer Engineering with 10 years of Experience

• Security experience in a complex IT environment
• Demonstrated ability to deliver complex IT projects on time and within budget
• Goal-oriented with the ability to independently achieve desired results utilizing both internal and external resources
• Familiarity and experience with regulatory compliance and reporting bodies (HIPAA, JACHO, etc.)
• Thorough knowledge of information management security
• Familiarity and experience with incident response, disaster recovery and business availability programs and procedures
• Excellent organizational and communication skills
• Excellent planning skills and ability to coordinate own workload
• Must have a methodical and organized approach to work, with the ability to think ahead and prioritize tasks
• Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies
• Extensive experience implementing/maintaining ISO27001 and managing external audits
• Comfortable performing regular internal audits
• Demonstrable experience in building relationships across the organization to develop buy-in to infosec matters
• Understanding of infosec best practices and approaches such as OWASP

Qualifications: BA in Digital Forensics with 7 years of Experience

• Professional experience in IT operations and IT management
• Experience with IT security audits and information management systems
• Must have practical knowledge in the implementation of ISO 27001, BSI standards, GDPR, and related standards - both national and European
• Knowledge in the area of the Mobile Application Security Verification Standard or comparable standards of mobile application security
• Experience with penetration testing in different segments (web applications, server landscapes, mobile apps or IoT) or ""ethical hacking"" in the telecommunications environment
• Experience in a comparable Federal Government Security role
• Outstanding knowledge of and experience with Cyber Security and Information Security disciplines
• Experience in managing security in complex ICT environments and finding pragmatic, effective solutions to diverse and complex issues
• Proven ability in managing complex environments and finding pragmatic, effective solutions to diverse and complex issues
• Experience in Security Compliance management and applying Federal Government security policy
• Highly capable and articulate documentation writing

Qualifications: BS in Data Analytics with 6 years of Experience

• Work experience in IT Audit or in the Information Technology area (common operating systems, databases, threat operations, vulnerability management, cloud security, as well as cryptographic topics) in the financial industry
• Demonstrable experience of auditing IT Cyber/Information Security topics, risk-based auditing, and a clear understanding of the relationship between IT risk and underlying business process risk
• Strong understanding of cyber security standards (e.g, NIST, OWASP, ISO27001) and knowledge of the regulatory environment in the financial sector (e.g, KAIT, BAIT, ESMA cloud guidelines)
• Professional / industry-recognized certifications (e.g, CISA, CCSP, CISSP, OSCP)
• Must have a confident appearance and strong verbal and written communication skills and the ability to communicate on all hierarchy levels
• Fluent in English and German
• Self-driven, eager to learn, well-organized team player with strong analytical skills
• Experiences in the computer security area
• Must have a foundation in good information security practices
• Knowledge of International Security frameworks, Standards, and Guidelines, e.g., COBIT, NIST-800, ISO 27001, PCI-DSS, OWASP, etc.
• Experience in system and application security management and control
• Experience in facilitating information security risk assessments
• Professional certificates related to work (e.g., CISSP, CISM, CISA, CRISC, CEH, Sec+, ISO 27001, PCI DSS or similar general security certification) 
• Strong problem-solving and analytical abilities 
• Able to work under minimal supervision

Qualifications: BS in Systems Administration with 8 years of Experience